Can we all agree that pretexting is bad? Apparently not; phone companies, …

Share this story

After the Hewlett-Packard scandal broke earlier this year, it looked like Democrats and Republicans could both agree that pretexting was naughty. Legislative action to curtail the activity was expected to come swiftly, but Congress has still not passed a bill and some states have run into opposition as well. Who opposes pretexting laws? Phone companies, private investigators, and—that's right—the Motion Picture Association of America.

The MPAA was behind a concerted effort to sink a comprehensive California anti-pretexting bill this summer, according to Wired. Lenny Goldberg, who works as a lobbyist for the Privacy Rights Clearinghouse, said that "the MPAA has a tremendous amount of clout and they told legislators, 'We need to pose as someone other than who we are to stop illegal downloading.'" Legislative records confirm that MPAA lobbyists talked with legislators about the bill, but the group isn't saying anything about its role in the debate.

In Washington, legislation ran into last-minute problems over disagreements about an exemption for intelligence agencies. Phone companies have also put pressure on legislators not to hold them responsible for privacy breaches (some proposed laws have included fines for telecoms firms that don't adequately protect customer data). Private investigators, both in California and at the national level, remain unhappy with such bills because they claim that they sometimes need such information in the course of legitimate investigations.

While the legal framework is being hammered out in Congress, 15 states have taken it upon themselves to pass anti-pretexting laws, most after legislators realized that existing laws did not explicitly ban the practice, and that it was hard to prosecute under existing anti-fraud statutes.

That doesn't mean that the Feds are doing nothing, though. Both the FCC and FTC have enforcement divisions that have been working on the problem. Kris Anne Monteith, who heads the Enforcement Bureau at the FCC, told a Congressional committee (PDF) in late September that her agency began looking into the pretexting issue in the summer of 2005 and has issued subpoenas to more than 30 data brokers since that time, trying to discover how they gather their information. Monteith notes that "no company admitted to engaging in 'pretexting'," but also says that FCC investigators learned that "data brokers routinely engage in this practice."

The Electronic Privacy Information Center, which filed comments on the issue with the FCC earlier this year, outlines the wide range of data available from such firms: phone records, physical location of a phone user, GM Onstar data, asset searches, the real identity of an online nickname, and Social Security Numbers.

But how exactly does pretexting happen? New York Post columnist Chris Byron (who has also testified before Congress on the issue) explains how it happened to him back in 2002. "The case file showed how my records had been stolen by someone who phoned AT&T's customer service center over 50 times, each time claiming to be me and asking for a copy of my phone records for the late summer and early autumn of 2002. Finally, the impersonator hit pay dirt, winding up on the phone with a service rep of an AT&T subcontractor named Aegis Communications Corp. who swallowed the imposter's bait and read out the details of more than 60 phone calls, line by line, in a conversation that took more than a hour."

California has finally criminalized such behavior, passing a narrow bill that made the gathering of phone records through pretexting illegal, but saying nothing about any other forms of data. Will the federal government go further? We'll have to wait until next year to find out.